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PATENT 
CUSTOMER NO. 020991 



IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 



Serial No.: 09/940,141 

Applicants; Cheline et al. 

Filed: August 23, 2001 

For: Single-Modem Multi-User Virtual Private Network 

TC/A.U.: 2144 

Examiner: Peling Andy Shaw 

Attorney Docket No.: PD-201 1 18 



APPEAL BRIEF 

Mail Stop Appeal Brief - Patents 
Commissioner for Patents 
P.O. Box 1450 

Alexandria, Virginia 22313-1450 



Pursuant to 37 C.F.R. §1.192, the applicants hereby respectfully submit tbe following 
Brief in support of their appeal. 

(1) Real Party in Interest 

The DirecTV Group, Inc., a Delaware corporation, is the Real Party in Interest. 

(2) Related Appeals and Interferences 

There are no known related appeals or interferences that will directly affect or be 
directly affected by or have a bearing on the Board's decision in the present appeal. 

08/11/2886 HBINAS 88888849 5883B3 89948141 
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(3) Status of Claims 

Claims 1-9, 1 1-20, and 22*23 are pending. All of the claims are under final rejection. 

(4) Status of Amendments 

An amendment was filed on May 9, 2006 (subsequent to the final rejection). This 
amendment was entered by the Examiner. 

(5) Summary of Claimed Subject Matter 

Virtual Private Networks (VPNs) are private data networks that make use of tunnels 
to maintain privacy when communicating over a public telecommunication infrastructure 
such as the Internet. VPNs give server operators, such as corporations, the same capabilities 
and security that they would have if they used a private or switched network to conduct 
communications. 

Modems arc used to communicate between different entities in networks. For 
instance, a computer might use a modem to establish a connection with the Internet 
Unfortunately, in previous systems, multiple clients to the same client-side modem were not 
allowed to establish multiple VPN communication tunnels using the single modem. For 
instance, a husband and wife may have both wanted to telecommute with their offices from 
home using secure connections. However, previous approaches required both the husband 
and wife to purchase separate modems and utilize separate telephone lines. The additional 
modems were expensive to purchase and the added telephone lines increased inefficiencies in 
the overall system. 

The Applicants overcome the shortcomings of these previous approaches by 
providing approaches whereby, a client computer is coupled to a single modem within the 
client-side system. A request to establish a VPN session with a server-side system is received 
from a client computer and the request contains login details associated with a user at the 
computer. A network address of the client computer is determined and the user is 
authenticated based on the login details. A VPN tunnel is established between the client 
computer and the server-side system over the modem. 

Page 2 of 19 
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Thereafter, a new request is received to establish a new VPN session with a different 
server-side system from a different client computer that is connected to the same modem in 
the client- side system. The request contains new login details associated with the different 
computer. A new network address of the different computer is determined and the new user 
is authenticated based upon these new login details. Using this approach, separate tunnels are 
constructed over the same modem- Consequently, the need for extra hardware (i.e., modems) 
is eliminated and system efficiency is enhanced. 

As shown in FIG. 1 of the application, reproduced below for the convenience of the 
reader, a system 100 comprises a client-side system 108, a service provider system 146 T and a 
server side system 130. The client side system includes multiple clients 102. Separate 
tunnels are established between different ones of these clients and the server side system. For 
instance, a tunnel may be established between the client 102(1) and the server side system 
130. At the same time, a different tunnel may be established between the client 102(2) and 
the server side system 130. The tunnels are constructed over the same modem 106 of the 
client-side system 108. 

To take one example using the system of FIG. 1, a husband can operate and conduct 
communications from a computer 102(1) and his wife can operate and conduct 
communications from a different computer 102(2). Using the Applicants' approaches, a 
tunnel may be established between the client 102(1) (i.e., the husband) and the server side 
system 130. Thereafter, a different tunnel may be established between the client 102(2) (i.e., 
the wife) and the server side system 130. Both tunnels are constructed using the same 
modem 106 within the client-side system 108. 
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(6) Grounds of Rejection to be Reviewed on Appeal 

(A) Whether Claims 1-5, 8-9, 11-16, 19-20 and 22-23 are anticipated under 35 U.S.C 
§102 by U.S. Published Application 2002/0178361 to Gentry ("the Gentry application")? 

(B) Whether claims 6 and 17 are unpatentable under 35 U.S.C §103 over Gentry? 

(C) Whether claims 7 and 18 are unpatentable under 35 U.S.C. §103 over Gentry in 
view of U.S. Published Application 2002/0169988 to Vandergeest? 

(7) Argument 

(A) Claims 1-5, 8-9, 11-16, 19-20 and 22-23 are Not Anticipated by Gentry 

Claim I is an independent method claim and recites: 

1 , A computer implemented method for 
establishing a Virtual Private Network (VPN) communication 
tunnel between a client computer and a server-side system, 
comprising: 

receiving a request to establish a VPN session with 
a server-side system from at least one client computer out of a 
plurality of client computers coupled to a modem within a client- 
side system, where said request contains login details for a user of 
said at least one client computer, 

determining a network address of said at least one 
client computer 

authenticating said user based on said user login 

details; 

establishing a VPN tunnel between said at least 
one client computer having said network address and said server- 
side system, where said VPN tunnel is established over said 
modem; 

receiving a new request to establish a new VPN 
session with a different server-side system from a different client 
computer out of said plurality of client computers coupled to said 
modem within said client-side system, where said request contains 
new login details for a new user of said different client computer, 

determining a new network address of said 
different client computer; 

authenticating said new user based on said new 
user login details; and 

establishing a new VPN tunnel between said 
different client computer having said new network address and 

Page 5 of 19 
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said new server-side system, where said VPN tunnel is established 
over said modem. 

In other words, the Applicants claim establishing two tunnels between two different client 
computers and two different server side systems. Each of the different tunnels is also 
established with different login details. 

Without issuing a specific rejection, the Examiner hinted that the above recitations are 
not supported in the Specification. Specifically, the Examiner stated in the Advisory Action 
that "[t)here is no specific saying [in the specification] that the connection would happen at 
the same time over the same modem. There is no specific saying if additional consideration 
is required in applying the method for more than one computer." The Applicants respectfully 
disagree with these assertions. 

Specifically, at page 3, lines 26-29 the Applicants state that cuirent systems "do not 
allow multiple clients coupled to the same client side modem to establish multiple ■ 
communication tunnels over the same modem " At page 6, lines 27-29, the Applicants state 
that "a VPN system is established that allows multiple clients coupled to the same client side 
modem to establish multiple VPN communication tunnels over the same modem/' In 
addition, FIGs. 4a-c, "are flow charts of a method 400 for establishing multiple VPN tunnels 
over a single modem." Specification, page 21, lines 21-22. These flow charts show the 
establishment of a tunnel. Given the above-mentioned language, the approaches of FIGs. 4a- 
c can be repeatedly used to establish further tunnels. Consequently, the Applicants assert that 
the claim language recited in claim 1 is fully supported by the Specification. 

In his rejections, the Examiner asserted that FIGs. 1 and 2 of Gentry included all 
elements of claim 1. Additionally, with respect to FIG. 1 of Gentry, the Examiner stated that 
**FIG. 1 shows that multiple connections are together, i.e., at the same location, it is clear that 
VPNs are for multiple computers at the same time and same location. As Gentry teaches 
sharing the Internet, it is clear that using the same WAN is intended. In summary Gentry 
does show sharing the Internet ~ in providing VPN connections for multiple computers and 
eliminating traditional leased lines over WAN; the WAN is over ISDN, i.e., a modem." The 
Applicants respectfully disagree with these rejections and statements and assert that claim 1 
is allowable over Gentry. 

Page 6 of 19 
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Specifically, FIG. 1 of Gentry (reproduced below for the convenience of the reader) 
shows a single computer system 100 communicating with multiple VPNs 120, 140 and 160- 
Gentry shows that the computer system 100 can communicate with the multiple vpNs by 
establishing multiple tunnels, one corresponding to each VPN (see Gentry paragraph 39). 

Each VPN 120, 140, and 160 is shown as including multiple computers. However, 
only one connection is shown from each of the VPNs 120, 140, and 160. Gentry is silent as 
to establishing two separate connections from two separate computers from the same client 
side system (e.g, VPN) as recited in claim 1. In fact* as shown in FIG. 1 of Gentry, the 
connection to each VPN 120, 140, or 160 is a connection to a single computer 130, 150, or 
170 within each VPN. 

Additionally, the connections from the VPNs 120, 140, and 160 are to the same 
computer system 100, not to different server side systems, as recited in claim 1. 

Moreover, there is no teaching in Gentry that any of the multiple connections would 
use the same modem. In fact, since each tunnel is from a separate VPN and each VPN must 
communicate with the Internet 110, separate modems must be used to forward the 
communications to the Internet 110. This is exactly the opposite of the approach recited in 
claim 1, where a single modem carrying multiple connections is recited. 

Furthermore, although three connections are shown originating from the Internet 1 10, 
there is no indication these are made from the same modem. In any case, the modem recited 
in claim 1 is positioned within a client-side system (i.e., VPNs 120, 140, or 160), not within 
an intermediate network (i.e, the Internet 1 10). 
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Figure 1 



Page 8 of 19 



PAGE 12/23 2 RCVD AT 8/10/2006 5:49:24 PM [Eastern Daylight Time] * SVR:USPTO-EFXRF-6/44 * DN1S:2738300 * CSID:31 09640941 ' DURATION (mm*ss):03-22 



08/10/2006 14:52 FAX 3109640941 



P & L LEGAL 



Ig| 013/023 



Serial No, 09/940,141 



The system illustrated in FIG- 2 of Gentry also does not contain various elements 
recited in claim 1 . Specifically, FIG. 2 of Gentry (reproduced below for the convenience of 
the reader) shows a single computer 200 communicating with multiple computers 230, 240, 
250, and 260. As shown in FIG. 2, single tunnels 235, 245* 255, and 265 connect one 
computer 200 to computers 230, 240, 250, and 260. All the computers shown in FIG. 2 are 
located at the same site (i.e,, within the same VPN). In other words, there is no indication 
that different client side computers are coupled to different server side system computers 
using different tunnels as recited in claim 1 . 




[ VPN 
I CartftQurtfcn 



I Qatatot 




Figure 2 
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In both of these examples (shown in HGs. 1 and 2 of Gentry), there is no teaching or 
suggestion in Gentry of different client computers communicating with different server side 
computers using the same modem. Consequently, the Applicants assert that claim 1 includes 
elements not taught or suggested by Gentry and that claim 1 is allowable over Gentry. 

Claims 13 and 22 have recitations similar to claim 1 and the Applicants assert that 
claims 13 and 22 are allowable for the same reasons as given above with respect to claim 1. 
Claims 2-4, 8-9, 11-12, 14-16, 19-20, and 23 ultimately depend upon claims 1, 13, or 22 
which have been shown to be allowable above, and therefore, these claims are ako allowable. 
In addition, they introduce additional content that, particularly when considered in context 
with the claims from which they depend, introduce additional incremental patentable subject 
matter. Accordingly, the Applicants reserve the right to present further arguments in the 
future with regard to these dependent claims if independent claims 1, 13, or 22 are found to 
be unpatentable. In view of the foregoing, the Applicants assert that claims 1-5, 8-9, 11-16, 
19*20 and 22-23 are allowable. 

(B) Claims 6 and 17 are Allowable over Gentry 

Claims 6 and 17 ultimately depend upon claims 1 and 13, which have been shown to 
be allowable above, and therefore, these claims are also allowable. In addition, they 
introduce additional content that, particularly when considered in context with the claims 
from which they depend, introduce additional incremental patentable subject matcer. 
Accordingly, the Applicants reserve the right to present further arguments in the future with 
regard to these dependent claims if independent claims 1 and 13 are found to be unpatentable. 
In view of the foregoing, the Applicants assert that claims 6 and 17 are allowable. 

(C) Claims 7 and 18 are Allowable over Gentry in view of Vandergeest 

Claims 7 and 18 ultimately depend upon claims 1 and 13, which have bee:i shown to 
be allowable above, and therefore, these claims are also allowable. In addition, they 
introduce additional content that, particularly when considered in context with the claims 
from which they depend, introduce additional incremental patentable subject matter. 
Accordingly, the Applicants reserve the right to present further arguments in the future with 
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regard to these dependent claims if independent claims 1 and 13 are found to be unpatentable. 
In view of the foregoing, the Applicants assert that claims 7 and 18 are allowable. 



In view of the foregoing, it is submitted that the application is in condition for 
allowance which is respectfully requested. The Commissioner is hereby authorized to charge 
any additional fees which may be required to Deposit Account No. 50-0383. 



Date: August 10, 2006 

Address all correspondence to: 

The DirecTV Group, Inc. 

CA/LA1/A109 

2230 E. Imperial Highway 

P.O. Box 956 

El Segundo, CA 90245 

Telephone: (310)964-4615 
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(8 ) Claims Appendix 

Claim 1 (Previously presented): A computer implemented method for 
establishing a Virtual Private Netwoik (VPN) communication tunnel between a client computer 
and a server-side system, comprising: 

receiving a request to establish a VPN session with a server-side system from at 
least one client computer out of a plurality of client computers coupled to a modem within a 
client-side system, where said request contains login details for a user of said at least one client 
computer; 

determining a network address of said at least one client computer; 

authenticating said user based on said user login details; 

establishing a VPN tunnel between said at least one client computer having 
said network address and said server-side system, where said VPN tunnel is established over 
said modem; 

receiving a new request to establish a new VPN session with a different server- 
side system from a different client computer out of said plurality of client computers coupled to 
said modem within said client-side system, where said request contains new login details for a 
new user of said different client computer; 

determining a new network address of said different client computer, 
authenticating said new user based on said new user login details; and 
establishing a new VPN tunnel between said different client computer having 
said new network address and said new server-side system, where said VPN tunnel is 
established over said modem. 

Claim 2 (Original): The computer implemented method of claim 1, wherein 
said receiving further comprises obtaining security details from said client. 

Claim 3 (Original): The computer implemented method of claim 1, wherein said 
determining further comprises reading a connection log to extract the network address of said at 
least one client computer. 
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Claim 4 (Original): The computer implemented method of claim 1, further 
comprising the step, after said detennining step, of storing said network address. 



Claim 5 (Original): The computer implemented method of claim 1, wherein said 
authenticating further comprises the steps of: 

transmitting said login details to an authentication server for authentication; 

and 

accepting an authentication response from said server. 



Claim 6 (Original): TTie computer implemented method of claim 5, wherein said 
transmitting further comprises sending said login details to a Radius server. 



Claim 7 (Original): The computer implemented method of claim 1, wherein said 
authenticating step further comprises the steps of: 

transmitting said login details to an authentication server for authentication; 
accepting a challenge from said server; and 

IB-transmitting said login details to said authentication server for authentication. 



Claim 8 (Original): The computer implemented method of claim 1, wherein said 
deterrrdning further comprises ascertaining an Internet Protocol (IP) address of said client. 

Claim 9 (Original): The computer implemented method of claim 1, wherein said 
determining further comprises ascertaining a Media Access Control (MAC) address of said 
client 



Claim 10 (Canceled) 



Claim 1 1 (Previously presented): A computer implemented method for 
establishing a Virtual Private Network (VPN) communication tunnel between a client computer 
and a server-side system, comprising: 
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receiving a request to establish a VPN session with a server-side system from at 
least one client computer out of a plurality of client computers coupled to a modem within a 
client-side system, where said request contains login details for a user of said at least one client 
computer; 

determining a network address of said at least one client computer; 

authenticating said user based on said user login details; 

establishing a VPN tunnel between said at least one client computer having said 
network address and said server-side system, where said VPN tunnel is established over said 
modem; 

receiving a new request to establish a new VPN session with said server-side 
system from a different client computer out of said plurality of client computers coupled to said 
modem within said client-side system, where said request contains new login details for a new 
user of said different client computer, 

determining a new network address of said different client computer, 
authenticating said new user based on said new user login details; and 
establishing a new VPN tunnel between said different client computer having said 
new network address and said server-side system, where said VPN tunnel is established over said 
modem. 

Claim 12 (Original): The computer implemented method of claim 1, further 
comprising severing the VPN tunnel after a predetermined time of inactivity. 

Claim 13 (Previously presented): A computer program product for use in 
conjunction with a computer system for establishing a Virtual Private Network (VPN) 
communication tunnel between a client computer and a server-side system, the computer 
program product comprising a computer readable storage and a computer program embedded 
therein, the computer program co mpri sing: 

instructions for receiving a request to establish a VPN session with a server side 
system from at least one client computer out of a plurality of client computers coupled to a 
modem within a client-side system, where said request contains login details for a user of said 
at least one client computer; 
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instructions for determining a network address of said at least one client 

computer, 

instructions for authenticating said user based on said user login details; 

instructions for establishing a VPN tunnel between said at least one client 
computer having said network address and said server-side system, where said VPN tunnel is 
established over said modem; 

instructions for receiving a new request to establish a new VPN session with a 
different server-side system from a different client computer out of said plurality of client 
computers coupled to said modem within said client side system, where said request contains new 
login details for a new user of said different client computer; 

instructions for detenruning a new network address of said different client 

computer, 

instructions for authenticating said new user based on said new user login details; 

and 

instructions for establishing a new VPN tunnel between said different client 
computer having said new network address and said new server side system, where said VPN 
tunnel is established over said modem. 

Claim 14 (Original): The computer program product of claim 13, wherein said 
instructions for detenruning further comprise instructions for reading a connection log to extract 
the network address of said at least one client computer. 

Claim J 5 (Original): The computer program product of claim 13, wherein said 
computer program further comprises instructions for storing said network address. 

Claim 16 (Original): The computer program product of claim 13, wherein said 
instructions for authenticating further comprise: 

instructions for transmitting said login details to an 
authentication server for authentication; and 

instructions for accepting an authentication response from said server. 
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Claim 17 (Original): The computer program product of claim 13, wherein said 
instructions for transmitting further comprise instructions for sending said login details to a 
Radius server. 



Claim 1 8 (Original) : The computer program product of claim 13, wherein 
said instructions for authenticating further comprise: 

instructions for transmitting said login details to an authentication server for 

authentication; 

instructions for accepting a challenge from said server; and 

instructions for re-transmitting said login details to said authentication server for 

authentication. 



Claim 19 (Original): The computer program product of claim 13, wherein said 
instructions for determining further comprise instructions for ascertaining an Internet Protocol 
(IP) address of said client 



Claim 20 (Original): TTie computer program product of claim 13, wherein said 
instructions for determining further comprise instructions for ascertaining a Media Access 
Control (MAC) address of said client. 



Claim 21 (Canceled) 

Claim 22 (Previously presented): A computer program product for use in 
conjunction with a computer system for establishing a Virtual Private Network (VPN) 
communication tunnel between a client computer and a server-side system, the computer 
program product comprising a computer readable storage and a computer program embedded 
therein, the computer program comprising: 

instructions for receiving a request to establish a VPN session with a server side 
system from at least one client computer out of a plurality of client computers coupled to a 
modem within a client-side system, where said request contains login details for a user of said 
at least one client computer, 
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instructions for determining a network address of said at least one client 

computer, 

instructions for authenticating said user based on said user login details; 
instructions for establishing a VPN tunnel between said at least one client computer having said 
network address and said server-side system, where said VPN tunnel is established over said 
modem; 

instructions for receiving a new request to establish a new VPN session with said 
server-side system from a different client computer out of said plurality of client computers 
coupled to said modem within said client-side system, where said request contains new login 
details for a new user of said different client computer, 

instructions for detennining a new network address of said different client 

computer, 

instructions far authenticating said new user based on said new user login details; 

and 

instructions for establishing a new VPN tunnel between said different client 
computer having said network address and said new server-side system, where said VPN tunnel 
is established over said modem. 

Claim 23 (Original): The computer program product of claim 13, wherein said 
computer program further comprises instructions for severing the VPN tunnel after a 
predetermined time of inactivity. 
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(9) Evidence Appendix 
Not Applicable. 
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(10) Related Proceedings Appendix 

Not applicable. 



Page 19 of 19 



PAGE 23Q3 * RCVD AT 8/1012005 5:49:24 PM [Eastern Daylight Trnie] * SVR:USPTO-EFXRF-6/44 1 DNIS:2738300 * CSID:3109640941 * DURATION (mm-ss):03-22 



